Threats of using Outdated Software
Many ATMs currently in India are susceptible to data breach and hacking because they run on outdated Microsoft software. There is a high probability that the ATM in your area is running on software, Microsoft stopped supporting and enhancing long back. Astonishingly about 70% ATMs in India run on Windows XP, for which Microsoft stopped offering security updates, patches and technical support in April 2014. This makes the data vulnerable to hackers who are looking for a loophole in the system. Card details can be extracted and misused in innumerable illegal ways.
According to a recent report around 3.2 million Indian debit cards were compromised in one of the largest breaches of financial data and the recent fiascos now and then keep us in perfect panic mode. While we are lost in securing passbook details and ATM pin, this crucial detail escapes our mind. The public is poorly educated on these issues and hence unable to voice concern and hold the banks responsible.“Responsibility lies with the banks to upgrade from Windows XP to Windows 7, as has been done globally,” said Navroze Dastur, managing director, NCR India. Altaf Halde, managing director of cyber security company Kaspersky Lab, pointed out that that almost 75% of ATMs in India are using unsupported Windows XP confirming the threats to data privacy of common man.
Most ATMs are not owned by banks but by payment technology and service providers like Financial Software and Systems (FSS) and FIS Global in India. These companies buy the machines from global giants like NCR and Diebold. NCR is the largest provider of ATMs in the country with a 47% market share.
The new ATMs run on Windows 7, which is on extended support by Microsoft till January 2020. The mainstream support for Windows 7 ended in January 2015.
A banking vertical head at a software vendor said, “There’s lethargy in the system that prevents timely upgrades. Using unsupported software makes ATMs vulnerable to attacks.” By global standards, ATMs should be replaced every five years and switched to new software. In India, ATM refresh can stretch up to 10 years. The older machines are relocated, but not scrapped. “Software and hardware refresh cycles need to shrink if India aims to be a digital transactions economy,” said Praveen Bhadada, partner and head of digital transformation at consultancy Zinnov. Truly,being a global entrant into the economic race, we can ill afford such negligence.